Forum Discussion
Question re: HTTP::retry
I have an embedded webserver on a device in my network and am working on a rule to basically by-pass the login screen.
The trick with the login process is that it collects a username and a password, but also seeds the page with a randomly generated 8-character string. These three strings are concatenated together, MD5 hashed via some javascript, and POSTed to the form action location.
I've got the salt-grabbing and md5-hashing hex digest stuff worked out, but am getting hung up on the retry. I've looked in pcaps but don't see the POST ever leaving the LTM. Here's the rule. The POST request has been pared down a bit to eliminate some of the client request headers for the sake of readability.
when HTTP_RESPONSE {
if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1000000} {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1000000
}
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
when HTTP_RESPONSE_DATA {
get the salt off the page
set salt_value [lindex [regexp -all -inline {(ge\" VALUE=\")(.{8})} [HTTP::payload]] 2]
log local0. "salt -> $salt_value"
set response "adminpassword123$salt_value"
log local0. "salted response -> $response"
binary scan [ md5 $response ] H* hexhash
log local0. "md5(hex) of $response -> $hexhash"
Here goes
HTTP::retry "POST /tgi/login.tgi HTTP/1.1\r\n
Host: 10.10.10.10\r\nContent-Type: application/x-www-form-urlencoded\r\n
Content-Length: 77\r\n\r\nUsername=admin&Password=&Challenge=&Response=$hexhash"
}
- James_Quinby_46Historic F5 Account...and sorry for the heinous formatting. I"ve been trying for the last 20 minutes to make this all neat and pretty. Every time I edit, things get uglier. Quitting here.
- hooleylistCirrostratusIs the problem that the POST request isn't being sent? Can you try reposting your code in [ code ] [/ code ] blocks in a new reply to this thread?
- James_Quinby_46Historic F5 Account
Correct. The POST doesn't get sent at all. That last logging statement gets printed out correctly, so I know the rule is proceeding that far. Just not seeing anything actually leave the box.
- James_Quinby_46Historic F5 AccountGood grief. Just delete that last message. I seem to be cursed.
- Joel_MosesNimbostratusThree questions:
- James_Quinby_46Historic F5 AccountJoel -
- Joel_MosesNimbostratusOne more: Is the response payload from the server that you're initially plucking off coming through with "Content-Encoding: gzip"? That is to say, is it compressed when the LTM gets ahold of it?
- Joel_MosesNimbostratusY'know what? Disregard the above. If you're logging the right input values, you're not compressed coming from the pool member.
when CLIENT_ACCEPTED { set trypost 0 set collected 0 set retried 0 } when HTTP_REQUEST { if { (! $retried) && ([HTTP::method] equals "GET") && ([string tolower [HTTP::uri]] equals "/tgi/login.tgi") } { set trypost 1 HTTP::header sanitize "Accept-Encoding Connection Keep-Alive" HTTP::header insert Connection "close" } } when HTTP_RESPONSE { if {($trypost) && (! $collected) && (! $retrying) }{ if {[HTTP::header exists Content-Length] && ([HTTP::header Content-Length] < 100000)} { set clength [HTTP::header Content-Length] } else { set clength 100000 } HTTP::collect $clength set collected 1 } } when HTTP_RESPONSE_DATA { if { ($trypost) && ($collected) && (! $retried) } { set salt_value [lindex [regexp -all -inline {(ge\" VALUE=\")(.{8})} [HTTP::payload]] 2] log local0. "salt -> $salt_value" set response "adminpassword123$salt_value" log local0. "salted response -> $response" binary scan [ md5 $response ] H* hexhash log local0. "md5(hex) of $response -> $hexhash" HTTP::payload replace 0 [HTTP::payload length] "" HTTP::retry "POST /tgi/login.tgi HTTP/1.1\r\n Host: 10.10.10.10\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 77\r\n\r\nUsername=admin&Password=&Challenge=&Response=$hexhash" set trypost 0 set collected 0 set retried 1 } }
- Joel_MosesNimbostratusForum strikes again, and I'm not going to go back and re-edit (you know how that works :) )... Replace all the & with a plain 'ol ampersand, please.
- James_Quinby_46Historic F5 AccountI may be up against a badly written TCP stack and/or HTTP server. I've come across some other threads out there regarding this embedded device and there are some fairly uniform complaints about things Just Not Working. For sanity checking, I've wrapped my POST request in a shell script with nc and am still not making much in the way of progress. Real work calls again soon, so I'll need to putz around with this as I have time. This thread: Click Here
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com